The present invention generally relates to any electronic data processing means whose features, or services which are related to it, are accessible by means of a secret code, also referred to as a “password” or a “confidential code”, which is usually received by the processing means on being entered on the keypad of host means for hosting the processing means.
For example, the data processing means are a micro-controller card, also referred to as an “integrated circuit card” (“IC card”) or a “smart card”, such as a credit card for a bank terminal or an electronic purse card for a point of sale terminal, or for any other terminal such as a mobile radiotelephone terminal equipped with an additional card reader, or else such as a subscriber identity module (SIM) card in a mobile radiotelephone terminal.
More particularly, the invention relates to the security of the access control for controlling access to the features of the smart card by means of a code which is presented to it, and which is compared with a secret code associated with the smart card and pre-recorded therein.
An attacker, i.e. a dishonest person, who wants to find out the secret code of a smart card can perform signal power analysis (SPA) by connecting an instrument for measuring the voltage across the electrical interface between the smart card and its host terminal.
In a prior art smart card, the secret code pre-recorded in a non-volatile memory of the smart card and the presented code written temporarily in the random access memory (RAM) of the smart card are subdivided into blocks and compared block-by-block. If, after one of the block comparisons, the respective blocks are not identical, the following block comparisons are not executed, and the presented code is refused for access to the features. The duration of the verification of the presented code thus depends on the number of leading correct blocks in the presented code. Therefore, the duration of the manipulation of the secret code for verifying any presented code, with a view to authenticating the genuine holder of the smart card, varies, thereby implicitly giving information about the secret code when power consumption characteristics of the smart card are recorded and when the durations of the comparisons for various presented codes are measured.
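The data-dependent duration described above, as an added example that is not code from the patent: a prior-art style early-exit comparison beside a fixed-work comparison, which is a common mitigation and is not presented here as the method of the invention. The four one-byte blocks, the function names and the sample codes are assumptions constructed for illustration, and the count of executed block comparisons stands in for the measured duration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CODE_BLOCKS 4 /* assumption: code split into 4 one-byte blocks */

/* Constructed sample values, not taken from any real card. */
static const uint8_t SECRET[CODE_BLOCKS] = {1, 2, 3, 4};
static const uint8_t GUESSES[3][CODE_BLOCKS] = {
    {9, 9, 9, 9}, /* no leading block correct  */
    {1, 2, 9, 9}, /* two leading blocks correct */
    {1, 2, 3, 4}, /* all blocks correct         */
};

/* Prior-art style check: stops at the first mismatching block.
 * *ops receives the number of block comparisons actually executed. */
int verify_early_exit(const uint8_t *secret, const uint8_t *presented, size_t *ops)
{
    *ops = 0;
    for (size_t i = 0; i < CODE_BLOCKS; i++) {
        (*ops)++;
        if (secret[i] != presented[i])
            return 0; /* the following blocks are never compared */
    }
    return 1;
}

/* Fixed-work check: every block is compared and the differences are
 * accumulated, so the work done does not depend on where a mismatch is. */
int verify_fixed_work(const uint8_t *secret, const uint8_t *presented, size_t *ops)
{
    uint8_t diff = 0;
    *ops = 0;
    for (size_t i = 0; i < CODE_BLOCKS; i++) {
        (*ops)++;
        diff |= (uint8_t)(secret[i] ^ presented[i]);
    }
    return diff == 0;
}

/* Block comparisons executed for one presented code. */
size_t ops_for(int fixed, const uint8_t *presented)
{
    size_t ops;
    if (fixed) verify_fixed_work(SECRET, presented, &ops);
    else       verify_early_exit(SECRET, presented, &ops);
    return ops;
}

int main(void)
{
    for (int g = 0; g < 3; g++)
        printf("guess %d: early-exit=%zu fixed-work=%zu comparisons\n",
               g, ops_for(0, GUESSES[g]), ops_for(1, GUESSES[g]));
    return 0;
}
```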